Home > Vulnerability Database > CVE-2022-46907

Mend.io Vulnerability Database

CVE-2022-46907

Good to know:

Date: May 25, 2023

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.

Language: Java

Severity Score

6.1

Related Resources (14)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-46907

Url: https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-46907

Url: https://github.com/apache/jspwiki/commit/9d6dbf911d52d724297e4e46c4b80649fb028ff9

Url: https://github.com/apache/jspwiki/commit/46e1ef7a595ca5cabf5ef184139910413f2024fc

Url: https://github.com/apache/jspwiki/commit/75019d337f1d0033b1f65428e75f43baeffd99dd

Url: https://github.com/apache/jspwiki/commit/82be08904a6d8bd22fa2d4e5a7e85f43408724d3

Url: https://github.com/apache/jspwiki/commit/df20770f251a8d7431047e556b144ef24ee6a3a7

Url: http://www.openwall.com/lists/oss-security/2023/05/25/1

Url: https://github.com/apache/jspwiki/commit/0b9a0149032170063f22d65e335dfd317db815ea

Url: https://github.com/apache/jspwiki/commit/484c6a133e397693991b7c9a9b62ef3ca48ce707

Url: https://github.com/apache/jspwiki/blob/37bf55373ed5a739a388a720163cf51d1104537f/ChangeLog.md?plain=1#L112

Url: https://github.com/apache/jspwiki

Url: https://lists.apache.org/thread/1m0mkq2nttx8tn94m11mytn4f0tv1504

Url: https://www.mend.io/vulnerability-database/CVE-2022-46907

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version org.apache.jspwiki:jspwiki-main:2.12.0;org.apache.jspwiki:jspwiki-war:2.12.0

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-46907

Good to know:

Date: May 25, 2023

Language: Java

Severity Score

Related Resources (14)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?